"What makes ExpensiveWall different than its other family members is that it is ‘packed’ – an advanced obfuscation technique used by malware developers to encrypt malicious code – allowing it to evade Google Play’s built-in anti-malware protections," the company said.

Once the malware is installed, it uses the Android's phone number to sign up for a range of paid services without the victim's knowledge.

Google was notified of the impacted apps in early August and removed them from its marketplace, but hackers uploaded a second strain of ExpensiveWall that infected 5,000 more smartphones within days.

Apps removed from the Google Play Store will still be active on users' Android devices and must be deleted manually. A full list of the affected apps and package names can be found here.

Malware targeting Android-based smartphones continues to be problematic for app developers and consumers. As of March 2016, an estimated 1.3 to 1.4 billion people actively used Android-based devices across the globe, and 352 million people purchased them during the last quarter of 2016.

As the popularity of the Google-developed operating system rises, hackers churn out new ways to steal personal or financial data, falsify revenue and spy on users.

In 2016, SophosLabs processed more than 8.5 million suspicious Android applications, and more than 50 percent were a form of malicious software or adware.